search

ActivityWatch / activitywatch

The best free and open-source automated time tracker. Cross-platform, extensible, privacy-focused.
https://activitywatch.net/
Mozilla Public License 2.0
11.44k stars 521 forks source link

build(deps): bump urllib3 from 1.26.15 to 2.0.3 #909

Closed dependabot[bot] closed 11 months ago

dependabot[bot] commented 1 year ago

Bumps urllib3 from 1.26.15 to 2.0.3.

Release notes

Sourced from urllib3's releases.

2.0.3

  • Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. #3020
  • Deprecated URLs which don't have an explicit scheme #2950
  • Fixed response decoding with Zstandard when compressed data is made of several frames. #3008
  • Fixed assert_hostname=False to correctly skip hostname check. #3051

2.0.2

  • Fixed HTTPResponse.stream() to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (urllib3/urllib3#3009)

2.0.1

  • Fixed a socket leak when fingerprint or hostname verifications fail. (#2991)
  • Fixed an error when HTTPResponse.read(0) was the first read call or when the internal response body buffer was otherwise empty. (#2998)

2.0.0

Read the v2.0 migration guide for help upgrading to the latest version of urllib3.

Removed

  • Removed support for Python 2.7, 3.5, and 3.6 (#883, #2336).
  • Removed fallback on certificate commonName in match_hostname() function. This behavior was deprecated in May 2000 in RFC 2818. Instead only subjectAltName is used to verify the hostname by default. To enable verifying the hostname against commonName use SSLContext.hostname_checks_common_name = True (#2113).
  • Removed support for Python with an ssl module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (#2168).
  • Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an ImportError is raised (#2168).
  • Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (#2082).
  • Removed urllib3.contrib.appengine.AppEngineManager and support for Google App Engine Standard Environment (#2044).
  • Removed deprecated Retry options method_whitelist, DEFAULT_REDIRECT_HEADERS_BLACKLIST (#2086).
  • Removed urllib3.HTTPResponse.from_httplib (#2648).
  • Removed default value of None for the request_context parameter of urllib3.PoolManager.connection_from_pool_key. This change should have no effect on users as the default value of None was an invalid option and was never used (#1897).
  • Removed the urllib3.request module. urllib3.request.RequestMethods has been made a private API. This change was made to ensure that from urllib3 import request imported the top-level request() function instead of the urllib3.request module (#2269).
  • Removed support for SSLv3.0 from the urllib3.contrib.pyopenssl even when support is available from the compiled OpenSSL library (#2233).
  • Removed the deprecated urllib3.contrib.ntlmpool module (#2339).
  • Removed DEFAULT_CIPHERS, HAS_SNI, USE_DEFAULT_SSLCONTEXT_CIPHERS, from the private module urllib3.util.ssl_ (#2168).
  • Removed urllib3.exceptions.SNIMissingWarning (#2168).
  • Removed the _prepare_conn method from HTTPConnectionPool. Previously this was only used to call HTTPSConnection.set_cert() by HTTPSConnectionPool (#1985).
  • Removed tls_in_tls_required property from HTTPSConnection. This is now determined from the scheme parameter in HTTPConnection.set_tunnel() (#1985).

Deprecated

  • Deprecated HTTPResponse.getheaders() and HTTPResponse.getheader() which will be removed in urllib3 v2.1.0. Instead use HTTPResponse.headers and HTTPResponse.headers.get(name, default). (#1543, #2814).
  • Deprecated urllib3.contrib.pyopenssl module which will be removed in urllib3 v2.1.0 (#2691).
  • Deprecated urllib3.contrib.securetransport module which will be removed in urllib3 v2.1.0 (#2692).
  • Deprecated ssl_version option in favor of ssl_minimum_version. ssl_version will be removed in urllib3 v2.1.0 (#2110).
  • Deprecated the strict parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (#2267)
  • Deprecated the NewConnectionError.pool attribute which will be removed in urllib3 v2.1.0 (#2271).
  • Deprecated format_header_param_html5 and format_header_param in favor of format_multipart_header_param (#2257).
  • Deprecated RequestField.header_formatter parameter which will be removed in urllib3 v2.1.0 (#2257).
  • Deprecated HTTPSConnection.set_cert() method. Instead pass parameters to the HTTPSConnection constructor (#1985).
  • Deprecated HTTPConnection.request_chunked() method which will be removed in urllib3 v2.1.0. Instead pass chunked=True to HTTPConnection.request() (#1985).

Added

... (truncated)

Changelog

Sourced from urllib3's changelog.

2.0.3 (2023-06-07)

  • Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. ([#3020](https://github.com/urllib3/urllib3/issues/3020) <https://github.com/urllib3/urllib3/issues/3020>__)
  • Deprecated URLs which don't have an explicit scheme ([#2950](https://github.com/urllib3/urllib3/issues/2950) <https://github.com/urllib3/urllib3/pull/2950>_)
  • Fixed response decoding with Zstandard when compressed data is made of several frames. ([#3008](https://github.com/urllib3/urllib3/issues/3008) <https://github.com/urllib3/urllib3/issues/3008>__)
  • Fixed assert_hostname=False to correctly skip hostname check. ([#3051](https://github.com/urllib3/urllib3/issues/3051) <https://github.com/urllib3/urllib3/issues/3051>__)

2.0.2 (2023-05-03)

  • Fixed HTTPResponse.stream() to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. ([#3009](https://github.com/urllib3/urllib3/issues/3009) <https://github.com/urllib3/urllib3/issues/3009>__)

2.0.1 (2023-04-30)

  • Fixed a socket leak when fingerprint or hostname verifications fail. ([#2991](https://github.com/urllib3/urllib3/issues/2991) <https://github.com/urllib3/urllib3/issues/2991>__)
  • Fixed an error when HTTPResponse.read(0) was the first read call or when the internal response body buffer was otherwise empty. ([#2998](https://github.com/urllib3/urllib3/issues/2998) <https://github.com/urllib3/urllib3/issues/2998>__)

2.0.0 (2023-04-26)

Read the v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>__ for help upgrading to the latest version of urllib3.

Removed

  • Removed support for Python 2.7, 3.5, and 3.6 ([#883](https://github.com/urllib3/urllib3/issues/883) <https://github.com/urllib3/urllib3/issues/883>, [#2336](https://github.com/urllib3/urllib3/issues/2336) <https://github.com/urllib3/urllib3/issues/2336>).
  • Removed fallback on certificate commonName in match_hostname() function. This behavior was deprecated in May 2000 in RFC 2818. Instead only subjectAltName is used to verify the hostname by default. To enable verifying the hostname against commonName use SSLContext.hostname_checks_common_name = True ([#2113](https://github.com/urllib3/urllib3/issues/2113) <https://github.com/urllib3/urllib3/issues/2113>__).
  • Removed support for Python with an ssl module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 ([#2168](https://github.com/urllib3/urllib3/issues/2168) <https://github.com/urllib3/urllib3/issues/2168>__).
  • Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an ImportError is raised ([#2168](https://github.com/urllib3/urllib3/issues/2168) <https://github.com/urllib3/urllib3/issues/2168>__).
  • Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure ([#2082](https://github.com/urllib3/urllib3/issues/2082) <https://github.com/urllib3/urllib3/issues/2082>__).
  • Removed urllib3.contrib.appengine.AppEngineManager and support for Google App Engine Standard Environment ([#2044](https://github.com/urllib3/urllib3/issues/2044) <https://github.com/urllib3/urllib3/issues/2044>__).
  • Removed deprecated Retry options method_whitelist, DEFAULT_REDIRECT_HEADERS_BLACKLIST ([#2086](https://github.com/urllib3/urllib3/issues/2086) <https://github.com/urllib3/urllib3/issues/2086>__).
  • Removed urllib3.HTTPResponse.from_httplib ([#2648](https://github.com/urllib3/urllib3/issues/2648) <https://github.com/urllib3/urllib3/issues/2648>__).
  • Removed default value of None for the request_context parameter of urllib3.PoolManager.connection_from_pool_key. This change should have no effect on users as the default value of None was an invalid option and was never used ([#1897](https://github.com/urllib3/urllib3/issues/1897) <https://github.com/urllib3/urllib3/issues/1897>__).
  • Removed the urllib3.request module. urllib3.request.RequestMethods has been made a private API. This change was made to ensure that from urllib3 import request imported the top-level request() function instead of the urllib3.request module ([#2269](https://github.com/urllib3/urllib3/issues/2269) <https://github.com/urllib3/urllib3/issues/2269>__).
  • Removed support for SSLv3.0 from the urllib3.contrib.pyopenssl even when support is available from the compiled OpenSSL library ([#2233](https://github.com/urllib3/urllib3/issues/2233) <https://github.com/urllib3/urllib3/issues/2233>__).

... (truncated)

Commits
  • 92196a0 Release 2.0.3
  • 52d2eb1 Fix assert_hostname=False (#3055)
  • bfbd47e Fix Python 3.12 CI
  • b63cc4c Correct docstring for Retry backoff factor (#3037)
  • 7e3884d Allow non-OpenSSL TLS libaries with a warning
  • e67f13c Add 1.26.16 release to CHANGES.rst on main
  • ffa2b63 Deprecate URLs without an explicit scheme
  • 4e9060b Added OpenGraph information to the documentation
  • 8e94754 Remove outdated reference in LICENSE.txt
  • 5dbc8e2 Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 11 months ago

Superseded by #929.